By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The move, which is likely to be followed by the wider roll-out of two-factor authentication for consumers using online banking services, is part of the banks' fight against phishing - criminals using spoof e-mails to obtain people's passwords and account details - which they fear is eroding confidence in online banking.
Apacs is co-ordinating the development of technical standards for two-factor authentication, based on security standards developed by Visa and MasterCard. But it will leave it to each bank to decide how they deploy the technology.
"We are not looking at any requirements of timescales or co-ordinated roll-out," said Tom Salmond, e-commerce consultant at Apacs. "Each bank is looking at applicable time schedules and applicable customer segments.
"Small business customers are likely to be the first. The first deployment is likely by the end of the year."
UK banks are developing technical standards to offer two-factor authentication using a combination of chip and Pin cards and readers to generate one-time passwords.
Other security technologiesare also under consideration, including a challenge response mechanism that would require the bank to e-mail the customer a number to type into a card reader to generate a one-time password.
Another option is a data signing function, which would require the customer to confirm the account number and the amount of money to be transferred when moving money between accounts.
The additional security measures are designed to prevent "man-in-the-middle" attacks, in which a hacker intercepts a one-time password and then uses it to access a customer's online bank account.
"The aim is to define which elements of the MasterCard and Visa authentication standards are most applicable in the UK," said Salmond. "Several different options are being reviewed."
Apacs said it expects to complete the technical specifications for the authentication system by early May. Banks are likely to pilot the technology during the summer.